[cryptography] embbeded pw kdf?

Krisztián Pintér pinterkr at gmail.com
Fri Aug 5 07:13:19 EDT 2016


On Fri, Aug 5, 2016 at 12:07 PM, stef <s at ctrlc.hu> wrote:
> is the best one can do in such situations a naive:
>
> H0 = password
> H_n = hash(H_n-1, device unique salt), 1<=n<max_iterations

contrary to the popular beliefs, this is actually perfectly safe. but
if you want to avoid comment storm, you can opt for pbkdf2.

with keccak, you can do it even easier:

keccak(pwd || salt || etc || 0000..n..0000)

which is practically absorbing the password and stuff, and then doing
a lot of keccak-f permutations. you can also consider keccak-f[200],
which is byte based. it practically supports 96 bit security level.

it also has the upside that you can avoid comment storm by referring
to a lecture the keccak team gave, in which they briefly present this
idea. this assumes i can find it again, it was on youtube.


More information about the cryptography mailing list